[Webkit-unassigned] [Bug 26391] New: cookieAcceptPolicy not fully respected

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Sun Jun 14 15:18:59 PDT 2009 

https://bugs.webkit.org/show_bug.cgi?id=26391

           Summary: cookieAcceptPolicy not fully respected
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: Macintosh
               URL: http://www.time.com/time/world/article/0,8599,1904577,00
                    .html
        OS/Version: Mac OS X 10.5
            Status: UNCONFIRMED
          Severity: Normal
          Priority: P2
         Component: New Bugs
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: opendarwin at lapcatsoftware.com


Summary:
On my system, I have the HTTPCookieStorage cookieAcceptPolicy set to
NSHTTPCookieAcceptPolicyOnlyFromMainDocumentDomain (corresponding to the Safari
preference "Only from sites I visit"). However, when I load the page
http://www.time.com/time/world/article/0,8599,1904577,00.html with WebKit, I
get a cookie from ".clearspring.com", which is obviously not within the domain
of "time.com".

Steps to reproduce:
1) Launch Safari 4 on Mac OS X 10.5.7.
2) Open Safari preferences
3) Select Accept cookies: Only from sites I visit
4) Click "Show Cookies"
5) Click "Remove All" and "Done"
6) Load the page http://www.time.com/time/world/article/0,8599,1904577,00.html
7) Open preferences again
8) Click "Show Cookies" again

Expected results:
I only see cookies from "time.com"

Actual results:
In addition to cookies from "time.com", I see one cookies from
".clearspring.com"

Regression:
This bug also occurred with the immediately preceding version of Safari on Mac
OS X 10.5.7. Can't remember the exact version #, but it was 3.2.x. The bug also
occurs if you use "/Developer/Examples/WebKit/MiniBrowser" to load the page
rather than Safari.

Notes:
Running in the debugger, I set breakpoints at -[NSHTTPCookieStorage
setCookie:], -[NSHTTPCookieStorage setCookieAcceptPolicy:], and
-[NSHTTPCookieStorage setCookies:forURL:mainDocumentURL:], as well as at
setCookies() in "WebKit/WebCore/platform/mac/CookieJar.mm" with git commit
f8f4e69a4ceb5909eb64ea91fe1de7108710c552 (corresponding to svn r43960). The
methods setCookie: and setCookieAcceptPolicy: never get called. The method
setCookies:forURL:mainDocumentURL: does get called frequently, also from
setCookies() in WebKit, but when printing the cookies I never see
".clearspring.com". Thus, it's a mystery to me where that cookie is getting
set. I guess it must be set somehow without NSHTTPCookieStorage, which may
explain why it's not respecting the cookieAcceptPolicy.


-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

More information about the webkit-unassigned mailing list